Explanation: The information system level is the tier 3. It addresses risks from an information system perspective, and is guided by the risk decisions at tiers 1 and 2. Risk decisions at tiers 1 and 2 impact the ultimate selection and deployment of requisite safeguards. This also has an impact on the countermeasures at the information system level. The RMF primarily operates at tier3 but it can also have interactions at tiers 1 and 2. Answer: A is incorrect. It is an invalid Tier description. Answer: D is incorrect. The Organization Level is the Tier 1, and it addresses risks from an organizational perspective. Answer: C is incorrect. The mission and business process level is the Tier 2, and it addresses risks from the mission and business process perspective.